this post was submitted on 28 Apr 2024
388 points (83.4% liked)
Technology
80479 readers
3441 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So, it really depends on your personal threat model.
For background: the biometric data doesn't leave the device, it uses an on-device recognition system to either unlock the device, or to gain access to a hardware security module that uses very strong cryptography for authentication.
Most people aren't defending against an attacker who has access to them and their device at the same time, they're defending against someone who has either the device or neither.
The hardware security module effectively eliminates the remote attacker when used with either biometric or PIN.
For the stolen or lost phone attack, biometric is slightly more secure, but it's moot because of the pin existing for fallback.
The biggest security advantage the biometrics have to offer is that they're very hard to forget, and very easy to use.
Ease of use means more people are likely to adopt the security features using that hardware security module provides, and that's what's really dialing up the security.
Passwords are most people's biggest vulnerability.
While I do respect that viewpoint, there's a lot more independent scrutiny of the hardware modules than there are around the parts that would handle any other authentication mechanism you might use.
Pixel phone example iPhone example
Just because something isn't perfect doesn't mean we should keep using the less good thing that it replaces.
Use the PIN if that's more your cup of tea, just so long as you move away from passwords, since it's the HSM that's the protection, not the biometrics. Those are just to make it easier than passwords.
The point being that most people do not need to ever change their biometric data, because it isn't used for remote authentication.
It's about picking the right threat model, and for most people anything that gets them using the HSM is an improvement to their security.
If you're that afraid if the people who build phones, why are you ok with using any device that can access the internet?
You should be more worried about your local doctor's office contracting some cheap-ass company to handle your data and ending up in a branch than being concerned about biometrics.
Or hell, Experian had that insane breach of basically everyone's information years ago. Biometrics are not the problem, it's smaller companies that you have to deal with all the time skimping on security because they think they can't afford it.
And then companies even more shady than Google and Apple and Samsung (loan companies, health systems contractors, banks, credit card companies, insurance companies) have all your data and are more likely to be involved in a data breach.
Using biometric data to unlock your phone does not make you more vulnerable to petty criminals.
Not with that attitude! You can absolutely change your face. its rather inadvisable
Face… off…
it’s not a password; it’s closer to a username.
but realistically it’s not in my personal threat model to be ready to get tied down and forced to unlock my phone. everyone with windows on their house should know that security is mostly about how far an adversary is willing to go to try to steal from you.
personally, i like the natural daylight, and i’m not paranoid enough to brick up my windows just because it’s a potential ingress.
it’s an analogy that applies to me. tldr worrying about having my identity stolen via physical access to my phone isn’t part of my threat model. i live in a safe city, and i don’t have anything the police could find to incriminate me. everyone is going to have a different threat model. some people need to brick up their windows
like i said, it’s more of a username than a password
First provide proof that you can pull out biometric data out of a secure element in a phone.
That's not retrieving the biometric data from the device, that's retrieving the biometric data from surveillance or physical interaction.
It's quite specifically the type of threat that most people do not need to worry about.
That's a much better example.
Physical access to the device by a sophisticated attacker is well outside the realm of most people's risk profile.
That's why I put Linux on my house.
Joke’s on them. My yo-yo diet keeps me safe from accurate body shape biometrics.
Same here. Still using the pattern lock. I've never used fingerprint not to even mention face scan.